Device-to-device authentication system, device-to-device authentication method, communication apparatus, and computer program

ABSTRACT

In view of the fact that devices connected on a home network are located in the home, that is, at close range, and therefore a user can physically access the devices within a relatively short period of time, whether or not a home server for distributing the contents and a client terminal using the contents are connected to the same home network is identified based on whether or not they can share access to the same physical medium within a short period of time. The authenticity of devices connected on a home network connected to an external network via a router is authenticated.

TECHNICAL FIELD

The present invention relates to a device-to-device authentication system, a device-to-device authentication method, a communication apparatus and a computer program, for authenticating the authenticity of devices connected via a network, in particular, to a device-to-device authentication system, a device-to-device authentication method, a communication apparatus and a computer program, for authenticating the authenticity of devices connected on a home network connected to an external network via a router.

More specifically, the present invention relates to a device-to-device authentication system, a device-to-device authentication method, a communication apparatus and a computer program, for authenticating whether or not devices are connected within a certain scope, in particular, to a device-to-device authentication system, a device-to-device authentication method, a communication apparatus and a computer program, for authenticating whether or not one of the devices can use the contents legitimately acquired by the other device within the scope of private use allowed by the copyright law.

BACKGROUND ART

Owing to the recent diffusion of the Internet, various digital contents including a computer file are actively distributed on a network. Moreover, with the spread of a broadband communication network (xDSL (x Digital Subscriber Line), CATV (Cable TV), a wireless network or the like), a mechanism capable of transmitting the distribution of digital data such as music data, image data or electronic publication and even rich contents such as a motion picture without giving any stresses to a user is now being arranged.

On the other hand, the distributed contents are digital data, and therefore, an unauthorized operation such as copy or falsification can be relatively easy to perform. Moreover, a fraud such as the copy or the falsification of the contents is currently frequently committed, which is a main cause of hampering the interest of a digital-content vendor. As a result, a vicious cycle that the price of the contents must be increased to result in the hindrance of diffusion is generated.

For example, recently, the technology of a computer, a network or the like is steadily spreading to general households. An information device such as a personal computer for home use or a PDA (Personal Digital Assistant) and, in addition, various information home appliances such as a television set and a video playback apparatus are interconnected via a home network. In many cases, such a home network is interconnected to an external broadband network including the Internet via a router. After the contents legitimately acquired from a server on the Internet are stored in a server on the home network (hereinafter, referred to as a “home server”), the contents are distributed via the home network to another in-home terminal (client).

Under the copyright law, the contents as copyright work are protected against unauthorized use such as unauthorized copy or falsification. On the other hand, an authorized user is allowed to copy the contents for private use, that is, for personal use, family use or other similar uses within a limited circle (see Copyright Law of Japan, Article 30).

If the scope of private use is applied to the above-described home network, the client terminal connected to the home network is supposed to be within the scope of personal use or family use. Therefore, it is considered that it is appropriate for the client terminal on the home network to make free use of the legitimately acquired contents in the home server (it is apparent that the number of terminals which can enjoy the contents is required to be limited to a certain number).

With a current technique, however, it is difficult to identify whether a client terminal logging into the home network is within the scope of private use or not.

For example, since the home network is interconnected to an external network via a router based on an IP protocol, the home server does not know where a client making access actually is. If the home server provides the contents to external (remote) access, the use of the contents is substantially unrestrained. Therefore, the copyright for the contents is almost unprotected. As a result, a content creator may lose the motivation of the creation.

Furthermore, if the home server allows the client terminal in the home network to use the contents in the same manner, the same client terminal logs into a plurality of home networks at time intervals. As a result, it can use the contents almost unrestrictedly.

On the other hand, if strict restrictions are imposed on the client terminal, a user cannot ensure the private use fundamentally allowed by the copyright law. As a result, the user cannot satisfactorily enjoy the contents. Accordingly, since the use of a home server or a content-distribution service is not well promoted, the development of content business itself may be impeded.

For example, in consideration of the fact that a user who legitimately purchases copyright work is allowed for free use of it, a method for more easily obtaining consent from an owner of the rights to the contents for the copy and the use of information on a network by the user has been proposed (see, for example, Japanese Patent Application Publication No. 2002-73861). However, this method classifies users depending on the level of relation with the owner of the rights to the use of information and distributes the information by a different distribution method for each level of the relation. This method does not identify the extent of the scope of private use on the network.

Furthermore, as a protocol constituting the home network, for example, UPnP (registered trademark) has recently been known. The UPnP allows easy network construction without any complicated operations and allows a content-providing service between network-connected devices without any difficult operations and setting. Moreover, the UPnP is advantageous in that it is not dependent on an operating system (OS) and the addition of a device is easy.

In the UPnP, network-connected devices exchange a definition file described in an XML (Extensible Markup Language) format for mutual authentication. The outline of processing of the UPnP is as follows.

(1) Addressing process: its own device ID such as an IP address is acquired.

(2) Discovery process: each device on a network is searched so as to acquire information such as device type or a function contained in a response received from each device.

(3) Service request process: a request is made for a service to each device based on information acquired by the discovery process.

By such a processing procedure, a service can be provided and received using network-connected devices. A device to be connected to the network acquires a device ID by the addressing process and acquires information for other devices on the network by the discovery process, thereby enabling a service request.

The contents stored in the home server can be accessed from other devices on the home network. For example, the contents can be acquired by a device implementing the UPnP connection. If the contents are video data or audio data, a TV or a player is connected as a network-connected device so that a movie or music can be enjoyed.

However, in the device within the home network, for example, in the home server, the contents requiring copyright management such as private contents or pay contents are stored. Therefore, it is necessary to consider the countermeasure against unauthorized access.

It is natural that access from a device of a user having the rights to the use (a license) of the contents is allowed. However, in a home network environment interconnected to the external network via a home router, even a user without a license can get into the home network.

In order to exclude unauthorized access, for example, the home server is made to have a list of clients whose access is allowed so that collation with the list is executed each time access to the home server is requested from a client. In this way, unauthorized access can be excluded.

For example, MAC address filtering is known, which uses a MAC (Media Access Control) address corresponding to a physical address unique to each communication apparatus to set it as an access-allowable device list. More specifically, a MAC address of each device whose access is allowed is registered on a router or a gateway for isolating the internal network such as the home network and the external network from each other. A MAC address assigned to a received packet and the registered MAC address are collated with each other. Access from a device with an unregistered MAC address is refused (see, for example, Japanese Patent Application Publication No. 10-271154).

In order to construct the access-allowable device list, however, it is necessary to check the MAC addresses of all the devices connected to the internal network. Moreover, efforts to input all the acquired MAC addresses so as to create a list are required. Furthermore, in the home network, a connected device is relatively frequently changed. Therefore, the access-allowable device list has to be modified for each such change.

DISCLOSURE OF THE INVENTION

An object of the present invention is to provide preferable device-to-device authentication system, device-to-device authentication method, communication apparatus and computer program, which are capable of suitably authenticating the authenticity of devices connected on a home network connected to an external network via a router.

Another object of the present invention is to provide preferable device-to-device authentication system, device-to-device authentication method, communication apparatus and computer program, which are capable of suitably authenticating whether or not one of the devices can use the contents legitimately acquired by the other device within the scope of private use allowed by the copyright law.

The present invention is devised in view of the above problems. A first aspect thereof is a device-to-device authentication system for authenticating whether or not devices on a network are connected within a certain range, characterized in that: each of the devices interconnected via the network has a mediating device interface for physically accessing a mediating device such that the mediating device is removable, and local environment management means for authenticating that another device physically accessing the same mediating device within a predetermined period of time is located in a local environment where the contents are available; wherein use of the contents is allowed between the devices in the local environment.

However, a “system” herein means a logical assembly of a plurality of apparatuses (or functional modules for realizing a specific function), and each apparatus or functional module may be or may not be present in a single housing body.

One of the devices connected to a home network is a home server for legitimately acquiring the contents from the external network via the router or through package media or broadcast reception, whereas the other device is a client for making a request for the contents to the home server for use. In response to the confirmation of the presence of both the devices on the same home network, the home server provides the contents and/or issues a license for the contents to the client.

Under the copyright law, the contents as copyright work are protected against unauthorized use such as unauthorized reproduction or falsification. On the other hand, an authorized user of the copyright work is allowed to reproduce the contents for private use, that is, for personal use, family use or other similar uses in a limited circle.

Accordingly, in the present invention, on the assumption that a client terminal present at such close range that allows a mediating device to be physically passed within a predetermined period of time, that is, present in the local environment, falls within the scope of private use, only a client that is authenticated to be under the local environment by the local environment management means can use the contents stored on a home server.

Two or more home servers can be installed on the home network. In such a case, since client terminals on the same home network are under the local environment, each home server registers them as members to form a group in an independent manner so as to distribute the contents and to issue a license for the use of the contents. Furthermore, the client terminal can be registered as a member simultaneously on two or more home servers on the same home network to belong to a plurality of groups so as to acquire a license of the contents from each of the home servers.

Also in this case, since the client terminal is under the local environment for each of the home servers and therefore is supposed to fall within the scope of personal or family use, it is appropriate for it to make free use of the contents of each of the home servers in the local environment.

On the other hand, even if the client terminal can be registered on a plurality of home servers as a member at the same time, it should not be allowed to belong to a plurality of groups of home servers over a plurality of home networks at time intervals. This is because the connection to another home network corresponds to the move of the client terminal to a remote environment for the first connected home network or the connection to one home network is equivalent to the presence of the client terminal in a remote environment for the other home networks.

Therefore, a client can use the contents acquired from a plurality of home servers on the same home network, however, upon connection to a home server on another home network, the client cannot use the contents acquired from the home servers on the home network other than currently connected.

A current network protocol does not provide any mechanisms for identifying whether or not the devices interconnected via the network are authentic, that is, they can privately use the contents within the scope of personal or family use. Therefore, in view of the fact that the devices connected on the home network are located in home, that is, at close range and therefore a user can physically access the devices within a relatively short period of time, the local environment management means identifies whether or not the devices are present under the same local environment based on whether or not the devices can share the access to the same physical medium within a short period of time.

For example, in the case where a mediating device capable of retaining predetermined identification information is used, the local environment management means can authenticate that each of the devices is in the local environment based on the fact that each of the devices physically accessing the mediating device reads the same identification information from the mediating device and/or that time at which each of them reads the identification information is within a predetermined period of time.

Moreover, in the case where a mediating device including a tamper-resistant memory for retaining confidential information in a secure manner is used, at least one device has a function of generating confidential information in the form of random number or in the other forms. The local environment management means can authenticate that each of the devices is located in the local environment based on the fact that the confidential information generated from a single device can be acquired by another device via the mediating device within a predetermined period of time.

At this time, the device generating the confidential information may cause the confidential information to be erased after elapse of a predetermined period of time. In this case, the local environment management means can authenticate that a device which is capable of sharing the confidential information prior to the loss of the confidential information in the device generating the confidential information is located in the local environment.
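The confidential-information variant described in the three paragraphs above, as an added Python example that is not part of the patent text. The class names, the 60-second window, the member cap value and the HMAC-SHA256 challenge-response used to confirm possession of the secret over the network are assumptions; timestamps are passed in explicitly so the run is deterministic.

```python
import hashlib
import hmac
import secrets


class MediatingDevice:
    """Constructed stand-in for the removable medium (USB memory, IC card)."""

    def __init__(self):
        self._slot = None

    def write(self, value):
        self._slot = value

    def read(self):
        return self._slot


def _proof(secret, challenge, client_id):
    # Assumption: possession of the secret is shown with HMAC-SHA256 over a
    # fresh challenge, so the secret itself never travels over the network.
    return hmac.new(secret, challenge + client_id.encode(), hashlib.sha256).digest()


class HomeServer:
    def __init__(self, window_seconds=60.0, max_members=4):
        self.window = window_seconds      # the "predetermined period of time"
        self.max_members = max_members    # cap on terminals enjoying the contents
        self.members = set()
        self._secret = None
        self._issued_at = None
        self._challenges = {}

    def issue_secret(self, medium, now):
        # Generate the confidential information as a random number and hand
        # it to the mediating device while it is plugged into the server.
        self._secret = secrets.token_bytes(32)
        self._issued_at = now
        medium.write(self._secret)

    def _erase_if_expired(self, now):
        if self._secret is not None and now - self._issued_at > self.window:
            self._secret = None           # erased after the period elapses

    def new_challenge(self, client_id):
        challenge = secrets.token_bytes(16)
        self._challenges[client_id] = challenge
        return challenge

    def register(self, client_id, proof, now):
        challenge = self._challenges.pop(client_id, None)  # single use
        self._erase_if_expired(now)
        if self._secret is None:
            return "expired"
        if challenge is None:
            return "no-challenge"
        if not hmac.compare_digest(_proof(self._secret, challenge, client_id), proof):
            return "bad-proof"
        if client_id not in self.members and len(self.members) >= self.max_members:
            return "member-limit"
        self.members.add(client_id)
        return "registered"


class Client:
    def __init__(self, client_id):
        self.client_id = client_id
        self._secret = None

    def read_medium(self, medium):
        # Physical access: the medium is carried over and plugged in here.
        self._secret = medium.read()

    def prove(self, challenge):
        if self._secret is None:
            return b""                    # never had physical access
        return _proof(self._secret, challenge, self.client_id)


def attempt(server, client, now):
    challenge = server.new_challenge(client.client_id)
    return server.register(client.client_id, client.prove(challenge), now)


def run_demo():
    medium = MediatingDevice()
    server = HomeServer(window_seconds=60.0, max_members=1)
    server.issue_secret(medium, now=0.0)
    local, remote, second, late = (
        Client(name) for name in ("tv", "remote-pc", "tablet", "late-pda")
    )
    for client in (local, second, late):  # remote-pc never touches the medium
        client.read_medium(medium)
    return {
        "local": attempt(server, local, now=20.0),
        "remote": attempt(server, remote, now=30.0),
        "second": attempt(server, second, now=40.0),
        "late": attempt(server, late, now=100.0),
    }


if __name__ == "__main__":
    print(run_demo())
```

The secret remains on the constructed medium after the server erases its own copy, so a late client that still holds it is rejected only because the generating device has lost the value, which is the behaviour the last paragraph describes.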

A second aspect of the present invention is a computer program described in a computer-readable format so as to execute a process, on a computer system, for authenticating whether or not devices on a network are connected within a certain scope, characterized in that: each of the devices interconnected via the network including a mediating device interface for physically accessing a mediating device such that the mediating device is removable, the computer program, characterized by including: a local environment management step of authenticating that another device physically accessing the same mediating device within a predetermined period of time is located in a local environment allowing use of the contents; and a content-using step of allowing the use of the contents between the devices in the local environment.

The computer program according to the second aspect of the present invention defines a computer program described in a computer-readable format so as to realize a predetermined process on a computer system. In other words, by installing the computer program according to the second aspect of the present invention on a computer system, a cooperative function is demonstrated on the computer system. As a result, the same effects as those of the device-to-device authentication system according to the first aspect of the present invention can be obtained.

The other objects, features and advantages of the present invention will be apparent from the detailed description based on the following embodiments of the present invention and the accompanying drawings.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a diagram schematically showing a basic structure of a home network;

FIG. 2 is a diagram showing an exemplary structure of a home network on which two home servers are present;

FIG. 3 is a diagram showing a state where a client terminal is connected to a plurality of home networks;

FIG. 4 is a diagram schematically showing a structure of a home network according to one embodiment of the present invention;

FIG. 5 is a diagram schematically showing a structure of a home network according to another embodiment of the present invention;

FIG. 6 is a diagram schematically showing a hardware structure of a host apparatus connected to the home network as a server, a client or the like;

FIG. 7 is a diagram showing a state where a local environment is authenticated by using a mediating device between two host apparatuses that are connected through a network;

FIG. 8 is a diagram showing a variation of an authentication process of a local environment, implemented between the host apparatuses shown in FIG. 7;

FIG. 9 is a diagram showing an operation sequence performed between a mediating device interface 40-1 and a mediating device;

FIG. 10 is a diagram showing an operation sequence performed between a mediating device interface 40-2 and a mediating device; and

FIG. 11 is a diagram showing an operation for performing a confirmation process of a local environment between a host apparatus #1 and a host apparatus #2.

BEST MODE FOR CARRYING OUT THE INVENTION

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

Under the copyright law, the contents as copyright work are protected against unauthorized use such as unauthorized reproduction or falsification. On the other hand, an authorized user of the copyright work is allowed to reproduce the contents for private use, that is, for personal use, family use or other similar uses in a limited circle (see Copyright Law of Japan, Article 30).

On the assumption that a client terminal in a home network (hereinafter, also referred to as a “local environment”) falls within the scope of private use, the inventors of the present invention propose a system in which only a client under the local environment can use the contents stored on a home server.

Herein, the definition of the local environment will be described.

FIG. 1 schematically shows a basic structure of a home network. As shown in the drawing, a home network installed in home is connected to an external network such as the Internet via a home router.

On the home network, a home server and at least one client terminal are present. The home server legitimately acquires and stores the contents from a content server on the external network via the home router to distribute the contents in home. It is apparent that the home server can acquire the contents by means other than the network, such as package media or broadcast reception. Each client terminal makes a request for desired contents to the home server so as to acquire them for use.

The client terminals connected to the home network are present under the local environment, and it is supposed that they are within the scope of personal or family use. Therefore, it is considered that it is appropriate for the client terminals on the home network to make free use of the contents legitimately acquired on the home server.

Accordingly, the home server registers the client terminals under the local environment as members and issues a license for the contents distribution and the use of the contents. It is apparent that the number of terminals capable of enjoying the contents is required to be limited to a certain number.

Under the local environment, the client terminal acquires the contents from the home server, uses the contents such as for copy or streaming and can also take the contents out of the local environment (into a remote environment) for use.

On the other hand, a client terminal that is not present on the home network, that is, present in a remote environment, is not considered to be within the scope of personal or family use. If the client terminal in the remote environment is allowed to use the contents, the use of the contents is substantially unrestrained. As a result, the copyright for the contents is almost unprotected. Therefore, the home server neither registers the client in the remote environment as a member nor issues a license of the contents.

In the example shown in FIG. 1, only one home server is present on the home network. However, it is apparent that two or more home servers may be installed on the same home network so that each of the home servers independently provides a distribution service of the contents in the home network.

FIG. 2 shows an exemplary structure of the home network on which two home servers are present.

In this case, since client terminals on the same home network are under a local environment, each of the home servers independently registers them as members to form a group so as to distribute the contents and to issue a license for the use of the contents. The client terminal acquires the contents from the home server, uses the contents such as for copy or streaming and can also take the contents out of the local environment (into a remote environment) for use.

Furthermore, the client terminal can be registered simultaneously on two or more home servers on the same home network as members to belong to a plurality of groups and can acquire a license of the contents from each of the home servers. In this case, the client terminal is also present under the local environment for the respective home servers and therefore it is supposed that it is within the scope of personal or family use. Therefore, it is considered that it is appropriate for the client to make free use of the contents of each of the home servers in the local environment.

On the other hand, even if the client terminal can be registered on a plurality of home servers as a member at the same time, it should not be allowed to belong to a plurality of groups of home servers over a plurality of home networks at time intervals (see FIG. 3).

The connection to another home network corresponds to the move of the client terminal to a remote environment for the first connected home network or the connection to one home network is equivalent to the presence of the client terminal in a remote environment for the other home networks. The local environment is within the personal or family scope, whereas the remote environment departs from the personal or family scope.

It is technically possible for the client terminal to be connected to a plurality of home networks at time intervals. However, if the use of the contents is successively allowed with the connection, the use of the contents is substantially unrestrained. As a result, the copyright for the contents is almost unprotected.

Summarizing the above, in order to realize a local environment that is supposed to be within the scope of personal or family use on the home network, the following are derived as necessary conditions.

(1) The home server does not allow member registration from outside of the home network; and

(2) When two or more home servers are present in the same home network, member registration and group management are performed for each of the home servers. Each of the clients on the home network can be registered on two or more home servers. However, the home servers simultaneously accepting the registration must be present in the same home network.

In order to realize such a local environment, a mechanism for identifying whether or not the home server and the client terminal are present on the same home network is required between them.

A current network protocol does not provide any mechanisms for identifying a network, such as a home network, by segment. Therefore, in view of the fact that the devices connected to the home network are located in home, that is, at close range so that a user can physically access the devices within a relatively short period of time, the inventors of the present invention propose a method of identifying whether or not a home server for distributing the contents and a client terminal using the contents are connected to the same home network based on whether or not they can share access to the same physical medium within a short period of time.

As the physical access generated for two devices within a short period of time, which is herein mentioned, the insertion/removal of a recording medium inserted into a device through an interface such as a USB (Universal Serial Bus) or a memory stick in a standard manner or a reading/writing operation from/to a non-contact IC card can be used. Alternatively, by near field data communication such as IrDA or by reducing the electric power of a communication device in compliance with IEEE 802.11 so as to limit the communication range, the physical access generated for two devices within a short period of time can be used instead.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

FIG. 4 schematically shows a structure of a home network according to an embodiment of the present invention.

A home network installed in home is connected to a WAN such as the Internet or another LAN via a home router. The home router is set as a default gateway of the home network.

The home network is constituted by, for example, connecting LAN cables of two or more host apparatuses such as a home server and a client terminal to a hub (concentrator).

The host apparatuses on the home network, such as the home server, the client terminal and the home router, and a host apparatus on the external network have MAC addresses, each being unique to a device. The host apparatus transmits and receives a packet including header information containing a destination MAC address and a source MAC address, for example, an Ethernet (registered trademark) frame via the network.

The host apparatuses on the home network, such as the home server and the client terminal, are constituted as, for example, UPnP-compatible devices. In this case, the addition and the deletion of a connected device to/from the network are easy. A device to be connected to the network can enjoy service on the home network such as the use of the contents in accordance with the following procedure.

(1) Addressing process: its own device ID such as an IP address is acquired.

(2) Discovery process: each device on a network is searched so as to acquire information such as device type or a function contained in a response received from each device.

(3) Service request process: a request for a service is made to each device based on information acquired by the discovery process.

On the home network, a local environment that is supposed to be within the scope of personal or family use is formed. Therefore, the home server legitimately acquires and stores the contents from a content server on the external network via the home router to distribute the contents in home. Each of the client terminals is allowed to make a request for desired contents to the home server so as to acquire them for use.

Under the local environment, the client terminal acquires the contents from the home server to use the contents such as for copy or streaming. Furthermore, it can take the contents out of the local environment (into the remote environment) for use.

FIG. 5 schematically shows a structure of a home network according to another embodiment of the present invention.

The home network is connected to a WAN such as the Internet or another LAN via the home router. In this case, the home router is also set as a default gateway of the home network.

This differs from FIG. 4 in that two home servers are present on the home network. The respective home servers may be simultaneously present on the home network or may be connected at a time interval.

In this case, since the client terminals on the same home network are under the local environment, each of the home servers registers them as members to form a group so as to distribute the contents and to issue a license for the use of the contents. The client terminal acquires the contents from the home server, uses the contents such as for copy or streaming and can also take the contents out of the local environment (into a remote environment) for use. Furthermore, the client terminal can be registered simultaneously on two or more home servers on the same home network as members to belong to a plurality of groups so as to acquire a license of the contents from each of the home servers.

FIG. 6 schematically shows a hardware structure of a host apparatus connected to the home network as a server, a client or the like.

The system is constituted mainly of a processor 10. The processor 10 executes various processes based on a program stored in a memory. The processor controls various peripheral devices connected through a bus 30. The peripheral devices connected to the bus 30 are as follows.

A memory 20 is constituted of a semiconductor memory, for example, a DRAM (Dynamic RAM) or the like and is used to load a program code executed in the processor 10 or to temporarily store operation data of an execution program.

A display controller 21 generates a display image in accordance with a draw command sent from the processor 10 and transmits it to a display apparatus 22. The display apparatus 22 connected to the display controller displays and outputs the image on a screen in accordance with display image information transmitted from the display controller 21.

An input/output interface 23, to which a keyboard 24 and a mouse 25 are connected, transfers an input signal from the keyboard 24 or the mouse 25 to the processor 10.

A network interface 26 is connected to the external network such as aLAN or the Internet and controls data communication through theInternet. Specifically, it transfers data transmitted from the processor10 to another apparatus on the Internet and receives data transmittedthrough the Internet so as to pass it to the processor 10.

A hard disk drive (HDD) controller 27, to which a high-capacity externalstorage apparatus 28 such as an HDD is connected, controls the input andoutput of data to the HDD 28 to which the HDD controller 27 isconnected. The HDD 28 stores a program of an operating system (OS), anapplication program, a driver program and the like to be executed by theprocessor. The application program is, for example, a server applicationfor authenticating each client terminal on the home network as the homeserver or for providing the contents or issuing a license, a clientapplication for use of the contents such as for reproduction of thecontents provided by the server or the like, and the like.

A mediating device interface 40 is an apparatus for allowing physicalaccess to the same mediating device to be shared with another device inthe local environment within a short period of time. As the mediatingdevice, a recording medium to be inserted into a device through aninterface in a standard manner such as a USB (Universal Serial Bus) or amemory stick or a non-contact IC card can be cited. The mediating deviceinterface 40 is a media slot in the former case, whereas it is a cardreading/writing apparatus in the latter case.

Since it is supposed that the devices whose access to the same mediatingdevice occurs within a relatively short period of time are located atclose range, that is, in the same home, they are considered to be in thelocal environment and therefore the reproduction of the contents isconsidered to be within the scope of personal or family use.

In order to constitute the host apparatus, a large number of electriccircuits or the like are required in addition to those illustrated inFIG. 6. However, since they are known to those skilled in the art and donot constitute the gist of the present invention, they are omitted inthis specification. Moreover, it should be understood that eachconnection between hardware blocks in the drawing is only partiallyillustrated in order to avoid the complication of the drawing.

FIG. 7 illustrates a state where the local environment is authenticated between two host apparatuses connected through the network by using the mediating device.

The host apparatuses are a home server for distributing the contents and a client terminal using the contents. They are interconnected via the same home network, a WAN or other LANs.

For convenience of the description, it is assumed that the mediating device is a USB-connected memory device and the mediating device interface 40 is a USB port equipped for each of the host apparatuses in a standard manner.

If each of the host apparatuses is located in the local environment, that is, in the same home, an operation of inserting the USB-connected memory into one of the host apparatuses and then removing it therefrom so as to insert it into the other host apparatus can be completed within a relatively short period of time such as several tens of seconds or several minutes. Then, the host apparatuses collate, via the network, the identification information that each of them has read from the USB-connected memory and can confirm that physical access is made to the same mediating device. In this manner, if the contents are shared at close range allowing the mediating device to be passed within a short period of time, it is not considered to depart from the protected scope of the copyright.

When the USB-connected memory is inserted into the mediating device interface, a host apparatus #1 reads identification information therefrom and retains its read time. Then, the USB-connected memory is removed from the host apparatus #1 and inserted into the mediating device interface of the host apparatus #2. The host apparatus #2 also reads identification information from the USB-connected memory and retains its read time. Furthermore, through the communication via the network, the host apparatus #1 and the host apparatus #2 confirm that both the apparatuses are located at close range, that is, in the local environment, based on the fact that they share the same identification information and the time at which the identification information is acquired is within a predetermined period of time (or the collation is successfully performed within a predetermined period of time after the acquisition of the identification information).

The use of the contents between the devices is allowed only in the thus formed local environment, thereby effectively restraining the unauthorized distribution of the contents.

In the example shown in FIG. 7, the authentication procedure of the local environment is implemented between two host apparatuses. Even in the case of three or more host apparatuses, it is apparent that all the apparatuses are supposed to be located in the same local environment and to be grouped together for use of the contents as long as the collation process through the mediating device such as the USB-connected memory can be realized within a predetermined period of time. However, if the grouping is allowed in an unrestrained manner, the contents are diffused and the possibility of failing to protect the copyright is raised. Therefore, the number thereof should be limited to a certain number.

FIG. 8 illustrates a variation for the authentication of the local environment between two network-connected host apparatuses by using the mediating device.

Since the USB-connected memory is not given protection against external access in the example shown in FIG. 7, a similar authentication procedure can actually be spoofed between host apparatuses that are in the remote environment, by duplicating the USB-connected memory having the same identification information.

On the other hand, in the example shown in FIG. 8, the mediating device interface 40 of each of the host apparatuses and the mediating device have tamper-resistance and therefore are protected against unauthorized external access. Moreover, fixed identification information is not stored in the USB-connected memory as the mediating device.

A mediating device interface 40-1 of one of the host apparatuses has a random number generator. Upon insertion of the USB-connected memory, it writes a generated random number to a tamper-resistant area in the memory. Then, the mediating device interface 40-1 retains the generated random number for a short period of time needed only to pass the USB-connected memory within close range.

FIG. 9 shows an operation performed between the mediating device interface 40-1 and the mediating device at this time. Upon generation of a request for confirmation of the local environment, a predetermined authentication process is first implemented between the mediating device interface 40-1 and the mediating device. Thereafter, the mediating device interface 40-1 transfers identification information (for example, a temporarily generated random number) to the mediating device. In response to it, the mediating device gives a response.

Thereafter, a user removes the USB-connected memory and inserts it into a mediating device interface 40-2 of the other host apparatus. The mediating device interface 40-2 accesses the USB-connected memory and reads the random number written thereto.

FIG. 10 shows an operation implemented between the mediating device interface 40-2 and the mediating device at this time. Upon generation of a request for confirmation of the local environment, a predetermined authentication process is first implemented between the mediating device interface 40-2 and the mediating device. Thereafter, the mediating device interface 40-2 requests identification information (for example, a temporarily generated random number) from the mediating device. In response to it, the mediating device gives a response to the mediating device interface 40-2.

Thereafter, the respective host apparatuses collate the random numbers via the network and can confirm that each of them has made physical access to the same mediating device within a predetermined period of time. In order that each of the host apparatuses confirms whether or not the physical access to the mediating device occurs within a predetermined period of time, the following methods, for example, can be used: a method of storing the time of access to the mediating device made by each of the host apparatuses and comparing the respective access times; or a method of allowing the random number to be erased by the host apparatus that generated it after elapse of a predetermined period of time, and confirming via the network that the host apparatuses share the same random number until the random number is lost.

FIG. 11 shows an operation for implementing a confirmation process of the local environment between the host apparatuses #1 and #2. Upon reception of the random number from the USB-connected memory in a secure manner, the host apparatus #2 searches for a host apparatus retaining the same random number on the LAN segment to which it is connected. The search is made by, for example, broadcasting a local environment confirmation request packet containing the random number on the LAN. Then, when the host apparatus #1 receives a packet containing the same random number within a predetermined period of time after the generation of the random number, or before the random number it generated is lost, the host apparatus #1 gives a response to it. As a result, the host apparatuses #1 and #2 confirm that they are located in the local environment.

The use of the contents between the devices is allowed only in the thus formed local environment, thereby effectively restraining the unauthorized distribution of the contents.
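The FIG. 8 to FIG. 11 exchange, as an added Python example that is not code from this specification: host apparatus #1 writes a fresh random number to the medium and retains it for a limited time, and host apparatus #2 reads it and asks #1 to collate it. The 120-second retention period, the group cap, the single-use erasure on first match, the dict standing in for the tamper-resistant memory, and all class, function and status names are assumptions made for illustration.

```python
import hmac
import secrets

NONCE_TTL_SECONDS = 120  # assumed; the page says only "several tens of seconds or several minutes"
MAX_GROUP_SIZE = 4       # assumed cap; the page says only "a certain number"


class IssuingHost:
    """Host apparatus #1: writes a fresh random number and retains it briefly."""

    def __init__(self, ttl=NONCE_TTL_SECONDS, max_members=MAX_GROUP_SIZE):
        self.ttl = ttl
        self.max_members = max_members
        self.members = set()
        self._nonce = None
        self._issued_at = None

    def on_medium_inserted(self, medium, now):
        # Fresh value per insertion: unlike the fixed identifier of FIG. 7,
        # a copy of the medium is useless once the retention period ends.
        self._nonce = secrets.token_bytes(16)
        self._issued_at = now
        medium["nonce"] = self._nonce  # dict stands in for the protected area

    def on_confirmation_request(self, peer_id, candidate, now):
        # Erase the retained value once the predetermined period has elapsed.
        if self._nonce is not None and now - self._issued_at > self.ttl:
            self._nonce = None
        if self._nonce is None:
            return "no_live_nonce"
        if not hmac.compare_digest(self._nonce, candidate):
            return "mismatch"
        if peer_id not in self.members and len(self.members) >= self.max_members:
            return "group_full"
        # Assumption: single use. The request carries the value across the LAN,
        # so it is erased on first match and cannot be replayed inside the TTL.
        self._nonce = None
        self.members.add(peer_id)
        return "local"


class ReadingHost:
    """Host apparatus #2: reads the random number and asks the issuer to collate it."""

    def __init__(self, host_id):
        self.host_id = host_id

    def on_medium_inserted(self, medium, issuer, now):
        nonce = medium.pop("nonce", None)  # read once, then clear the medium
        if nonce is None:
            return "no_nonce_on_medium"
        # Direct call stands in for the broadcast confirmation request of FIG. 11.
        return issuer.on_confirmation_request(self.host_id, nonce, now)


def run_constructed_scenarios():
    """Constructed timeline (seconds); returns the outcome of each case."""
    server, medium = IssuingHost(ttl=120, max_members=1), {}
    out = {}
    server.on_medium_inserted(medium, now=0)
    seen_on_lan = medium["nonce"]  # the value the confirmation request carries
    out["same_home"] = ReadingHost("tv").on_medium_inserted(medium, server, now=45)
    out["replay"] = server.on_confirmation_request("remote", seen_on_lan, now=50)
    server.on_medium_inserted(medium, now=100)
    out["too_slow"] = ReadingHost("tv").on_medium_inserted(medium, server, now=221)
    server.on_medium_inserted(medium, now=300)
    out["second_client"] = ReadingHost("pc").on_medium_inserted(medium, server, now=310)
    return out


if __name__ == "__main__":
    print(run_constructed_scenarios())
```

The timestamps are passed in rather than read from the clock so the expiry boundary can be exercised deterministically; a deployment would use a monotonic clock on the issuing host.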

Even if the contents are shared at close range allowing the mediating device to be passed within a short period of time as described above, it is not considered to depart from the protected scope of the copyright. Thereafter, an encryption key may be generated by using the random number passed through the USB-connected memory as type information so as to perform encryption communication.

In the example shown in FIG. 8, the authentication procedure of the local environment is implemented between two host apparatuses. However, it is apparent that, even in the case of three or more host apparatuses, all the apparatuses are supposed to be located in the same local environment and grouped together for use of the contents as long as the collation process through the mediating device such as the USB-connected memory can be realized within a predetermined period of time. However, if the grouping is allowed in an unrestrained manner, the contents are diffused and the possibility of failing to protect the copyright is raised. Therefore, the number of host devices should be limited to a certain number.

Supplement

The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can modify or substitute the embodiments without departing from the gist of the present invention. Specifically, the present invention is disclosed only by way of example, and therefore the description of the specification should not be read as limitative. In order to determine the gist of the present invention, the claims should be taken into consideration.

INDUSTRIAL APPLICABILITY

According to the present invention, preferable device-to-device authentication system, device-to-device authentication method, communication apparatus and computer program, which are capable of suitably authenticating the authenticity of devices connected on a home network connected to an external network via a router, can be provided.

Moreover, according to the present invention, preferable device-to-device authentication system, device-to-device authentication method, communication apparatus and computer program, which are capable of suitably authenticating whether or not one of the devices can use the contents legitimately acquired by the other device within the scope of private use allowed by the copyright law, can be provided.

According to the present invention, the use of the contents is allowed between devices only in a local environment, so that the unauthorized distribution of the contents can be effectively restrained.

1. A device-to-device authentication system for authenticating when devices on a network are connected within a certain range, comprising: a first device comprising: a first mediating device interface for physically connecting a removable mediating device, wherein the first device reads information from the removable mediating device or the first device stores the information in the removable mediating device when the mediating device is physically connected to the first mediating device interface, a second device comprising: a second mediating device interface for physically connecting the removable mediating device, wherein the second device reads the information from the removable mediating device or the second device stores the information in the removable mediating device when the mediating device is physically connected to the second mediating device, a network interface unit configured to receive a request for authentication over the network, and a local environment management unit configured to authenticate, based on the information from the mediating device, that the first device and the second device are connected within the certain range when it is determined that a time between the physical connection of the mediating device to the first mediating interface and the physical connection of the mediating device to the second mediating interface is within a predetermined period of time, wherein the first device can use content when the first device is authenticated.
2. The device-to-device authentication system according to claim 1, wherein: the second device is a home server, the first device is a client for making a request for the content to the home server; and, in response to authentication of the client, the home server provides the content and/or issues a license for the content to the client.
3. The device-to-device authentication system according to claim 1, wherein: two or more home servers are able to be installed on the network; and at least one of the home servers provides the content and/or issues a license for the content to a client that is authenticated.
4. The device-to-device authentication system according to claim 3, wherein the client is able to be receive provision of the content and/or issuance of the license from at least one of the two or more home servers on the network.
5. The device-to-device authentication system according to claim 3, wherein upon connection to a home server on a second network, the client is not able to use the content from the two or more home servers.
6. The device-to-device authentication system according to claim 1, wherein the information comprises predetermined identification information for determining that the first and the second device have connected to the removable mediating device within the predetermined period of time.
7. The device-to-device authentication system according to claim 1, wherein: the information comprises confidential information for determining that the first and the second device have connected to the removable mediating device within the predetermined period of time; and the removable mediating device comprises a memory for retaining the confidential information in a secure manner.
8. The device-to-device authentication system according to claim 7, wherein the confidential information is erased after the predetermined period of time elapses.
9. A device-to-device authentication method for authenticating when devices on a network are connected within a certain range, comprising: physically connecting a removable mediating device to a first physical mediating device interface of a first device, wherein either the first device reads information from the removable mediating device or the first device stores the information in the removable mediating device, when the mediating device is physically connected to the first mediating device interface; physically connecting the removable mediating device to a second physical mediating device interface of a second device, wherein either the first device reads information from the removable mediating device or the first device stores the information in the removable mediating device, when the mediating device is physically connected to the first mediating device interface; receiving a request for authentication over the network; authenticating, base on the information from the removable mediating device, that the first device and the second device are connected within the certain range when it is determined that a time between the physical connection of the mediating device to the first physical mediating interface and the physical connection of the mediating device to the second physical mediating interface is within a predetermined period of time; and allowing the first device to use content when the first device is authenticated.
10. The device-to-device authentication method according to claim 9, wherein: the second device is a home server, the first device is a client for making a request for the content to the home server; and, in response to authentication of the client, the home server provides the content and/or issues a license for the content to client.
11. The device-to-device authentication method according to claim 9, wherein: two or more home servers are able to be installed on the network; and at least one of the home servers provides the content and/or issues a license for the content to a client that is authenticated.
12. The device-to-device authentication method according to claim 11, wherein the client is able to be receive provision of the content and/or issuance of the license from at least one of the two or more home servers on the network.
13. The device-to-device authentication method according to claim 11, wherein upon connection to a home server on a second network, the client is not able to use content from the two or more home servers.
14. The device-to-device authentication method according to claim 9, wherein storing information in the removable mediating device further comprises: storing predetermined identification information, for determining that the first and the second device have connected to the removable mediating device within the predetermined period of time, in the removable mediating device.
15. The device-to-device authentication method according to claim 9, wherein storing information in the removable mediating device further comprises: storing confidential information, for determining that the first and the second device have connected to the removable mediating device within the predetermined period of time, in a secure manner in the removable mediating device.
16. The device-to-device authentication method according to claim 15, wherein the confidential information is erased the predetermined period of time elapses.
17. The device-to-device authentication method according to claim 9, further comprising: writing a temporary random number to the mediating device; reading the temporary random number from the mediating device; and collating the temporary random number.
18. A non-transitory computer-readable medium storing a program for causing a computer to execute a method for authenticating whether or not devices on a network are connected within a certain scope, the method comprising: physically connecting a removable mediating device to a first physical mediating device interface of a first device, wherein either the first device reads information from the removable mediating device or the first device stores the information in the removable mediating device, when the mediating device is physically connected to the first mediating device interface; physically connecting the removable mediating device to a second physical mediating device interface of a second device, wherein either the first device reads information from the removable mediating device or the first device stores the information in the removable mediating device, when the mediating device is physically connected to the first mediating device interface; receiving a request for authentication over the network; authenticating, based on information stored in the removable mediating device, that the first device and the second device are connected within a certain scope when it is determined that a time between the physical connection of the mediating device to the first device and the physical connection of the mediating device to the second device is within a predetermined period of time, and allowing the first device to use content when the first device is authenticated.